Guidance

The Federal Financial Institutions Examination Council (FFIEC), the group that crafts and releases the financial crime compliance industry bible on programs and procedures, launched a redesigned Bank Secrecy Act/Anti-Money Laundering (BSA/AML) InfoBase website in October, aimed at sharing financial institution examination procedure information with examiners, financial institutions, the public and other stakeholders.

According to the FFIEC, InfoBase was redesigned to improve the overall experience for users. The redesign improves site navigation, enhances search capabilities, provides mobile-friendly capability and contains new functionality that allows users to download various sections of the FFIEC BSA/AML Examination Manual.

The BSA/AML InfoBase Home Page provides users with access to everything in one place. At the top of the screen, across the banner from left to right, users can get to the Infobase Home Page, the Online BSA/AML Manual, Examination Procedures, References, and the FFIEC Home Page. Quickly accessible sections of the manual include:

Introduction: An introduction to the FFIEC BSA/AML Examination Manual and related concepts;

Compliance Program: Guidance to examiners on examination scoping and planning, assessing the BSA risk assessment and compliance program, and developing conclusions and finalizing the exam;

Regulatory Requirements: Guidance to examiners on assessing compliance with other statutory and regulatory BSA requirements;

Program Structures: Guidance to examiners on assessing BSA/AML compliance program structures, management of foreign branches, and parallel banking; and more. To read more analysis, click here.

Compliance

U.S. Department of Justice updates policies on picking corporate monitors for large scale compliance failures, noting officials don’t want them doled out unethically or as political favors. To read the full report, click here.

The U.S. Treasury and federal banking and credit union regulators in October issued a rare joint statement focusing on smaller institutions, essentially giving their blessing for these operations to pool financial crime compliance resources to lower costs, improve efficiency and potentially get access to more expertise and independence. The Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC) Federal Reserve (Fed), Federal Deposit Insurance Corp. (FDIC) and National Credit Union Administration (NCUA) stated it was time to make a more formal ovation to smaller entities on the subject.

To read the joint, interagency press release, click here. To read the full statement, click here.

In these cooperative arrangements, say regulators, smaller financial institutions, such as community banks and credit unions, could get access to trainers – training is one of the key prongs of an AML program – with more expertise than they may have had the budget for individually. The arrangements may be similar in how banks juggle dual use employees, for instance, when a bank is so small that the AML officer must wear other hats and may also have oversight of certain business functions.

The statement gives several examples where regulators feel sharing resources could work and a few where they won’t. One area that multi-bank partnerships could work is internal controls:

More countries are showing heightened risks of exposure to money laundering, according to an annual ranking of countries assessing their money-laundering risk. The Basel Institute on Governance, which released the seventh edition of its Basel AML Index last month, said 83 countries, or about two-thirds of those in the index, have a risk score above 5.0 and are therefore classified as having a significant risk of money laundering and terrorist financing.

High scores, based on a 10-point scale, indicate a country is more vulnerable to money laundering. More than 40 percent of the countries have higher ratings than they did in 2017, the study found. The most concerning aspect of the report, according to the institute, is that countries aren’t enforcing the laws they have on the books to fight money laundering.

The index tweaked its approach on missing data this year, resulting in 17 countries being removed from the ranking. Among those not ranked in 2018 was Iran, which had topped the index each of the previous four years.

Tajikistan was the top country for money-laundering risk this year, according to the index, followed by Mozambique, Afghanistan, Laos and Guinea Bissau. The lowest-risk countries, according to the index, are Finland, Estonia, Lithuania, New Zealand and Macedonia. To read more analysis, click here.To read more about the AML index, click here.

Government leaks

Federal authorities in October arrested a senior U.S. Treasury department official for allegedly leaking thousands of confidential financial crime compliance program filings, including details about a high-profile investigation into potential ties between arch foe Russia and the president’s election campaign.

The official in question, Natalie Mayflower Sours Edwards, is a senior adviser for the Financial Crimes Enforcement Network (FinCEN), the country’s financial intelligence unit, which holds untold millions of anti-money laundering (AML) filings sent by financial institutions in the form of suspicious activity reports (SARs) and currency transaction reports (CTRs).

In an 18-page criminal complaint, authorities detail nearly a dozen stories published by news site, BuzzFeed, over the course of a year where Edwards served as a secret source, handing over specific details on individuals and related financial transactions, which potentially revealed monetary support for Russian meddling during the 2016 presidential campaign.

The apparent goal was to uncover concrete financial linkages between these Russian activities and associates of President Donald Trump, including now convicted felon Paul Manafort, his former campaign manager, Paul Gates, the Russian embassy, and others.

Enforcement

The federal regulator of the nation’s largest and most complex banks has penalized a household name credit card company $100 million for failing to adequately correct a host of deficiencies cited in a prior enforcement action centered around the oversight of correspondent accounts, remote deposit capture facilities and not reporting instances of aberrant activity.

The October penalty against Capital One is a rare foray for the U.S. Treasury’s Office of the Comptroller of the Currency (OCC) against a credit card company, with the regulator in recent months focusing its wrath chiefly against the domestic connections of large foreign banks in Asia, the Middle East and Eastern Europe with threadbare anti-money laundering (AML) programs.

At the same time, the OCC action continues a trend of federal and state regulators levying hefty fines after they felt prior non-monetary enforcement actions were not taken seriously enough. In this case, examiners brought the bulk of the AML issues to Capital One’s attention in a prescriptive, 31-page July 2015 consent order.

StanChart braces for possible new Iran fine of about $1.5 billion, potentially more than double prior sanction

British bank Standard Chartered Plc is bracing for a possible new fine of about $1.5 billion as a result of previous Iranian sanctions violations,Bloomberg reported last month, which would be more than double a prior fine in 2012 of $667 million for similar failings. The current investigation centers around sanctions violations that would have occurred after 2007, the time when the bank told authorities it had stopped doing business with countries on U.S. blacklists.

The bank itself warned in its most recent annual report that resolving the U.S. probe could mean “substantial monetary penalties.” This could be another setback for StanChart, which is trying to boost profitability after years of restructuring. StanChart, which has operations across Asia and Africa, has been investing in compliance and financial crime prevention after facing a series of penalties and regulatory investigations, including in Nigeria, Angola, Dubai and Hong Kong, (via Reuters, Bloomberg).

The Internal Revenue Service recently warned tax professionals of a new wave of attacks that allow identity thieves to file fraudulent tax returns by remotely taking over practitioners’ computers.

As part of the Security Summit effort, the IRS urged tax professionals to review their tax preparation software settings and immediately enact all security measures, especially those settings that require usernames and passwords to access the products. The IRS is aware of approximately two dozen cases where tax professionals have been victimized in a matter of days. To read the full release, click here.

Investigations

U.S. Attorney General Jeff Sessions has launched a series of measures to strengthen how the country’s law enforcement agencies prioritize, communicate and coordinate on strategies to counter larger international criminal and terror groups.

In October, Sessions appointed Associate Deputy Attorney General Patrick Hovakimian to serve as the Department’s first Director of Counter Transnational Organized Crime. Hovakimian has served in Department leadership since early 2017 and also as an AUSA in the Southern District of California, where he is co-lead counsel in a series of transnational public corruption and fraud cases.

This follows an early 2017 executive order directing the federal government to “ensure that Federal law enforcement agencies give a high priority and devote sufficient resources to efforts to identify, interdict, disrupt, and dismantle transnational criminal organizations[.]” As a result, the FBI, DEA, OCDETF, and the Department’s Criminal Division to identify top transnational criminal groups that threaten the United States and its allies. The top threats, which will also have a dedicated task force subcommittee assigned to them, are designated as:

Information sharing

DOJ, DOI team up to improve tribal access to criminal records database

The Department of Justice (DOJ) and the Department of the Interior (DOI) announced a dramatic expansion of the federal government’s key program that provides tribes with access to national crime information databases, the Justice Department’s Tribal Access Program for National Crime Information (TAP), that will allow tribal investigators access to more data about individuals with criminal records, who could be on native lands.

By the end of 2019, the Justice Department will expand the number of TAP participating tribes by more than 50 percent — from 47 tribes to 72. These new locations will provide crucial access to TAP for services delivered to more than 50 tribal communities that currently do not have any direct access. To read the full release, click here.

Cybersecurity

Yahoo agrees to pay $50 million to data breach victims numbering in the billions whose accounts were compromised in 2013 and 2014.

Yahoo will have to cough up $50 million in damages as part of a settlement following massive data breaches that took place in 2013 and 2014. The first breach affected three billion accounts, while the second affected 500 million accounts -- neither were disclosed until 2016. Hacked information included passwords that were encrypted but could be cracked. The $50 million fund will compensate affected account holders $25 for every hour spent dealing with the fallout from the breach. To read more analysis, click here.

Securities

Finra examiners in the October action found that, due to an unreasonably designed AML program, LPL failed to investigate numerous attempts to gain unauthorized access to electronic systems that should have resulted in the filing of Suspicious Activity Reports (SARs).

This failure stemmed primarily from the firm’s use of a “fraud case chart” that provided inaccurate guidance to its AML employees concerning investigation and reporting requirements when third parties used electronic means to attempt to compromise a customer’s email or brokerage account. As a result, LPL failed to file more than 400 SARs. To read the full action, click here.

The Securities Exchange Commission (SEC) tackled the soaring issue of business email compromise (BEC) attacks last month, analyzing whether companies involved in these crimes – which spoof email addresses and completely evade cybersecurity protocols by taking advantage of the human element – are victims of criminal schemes, or if they themselves should be punished for not having the proper cyber defenses of training in place.

In this case, the SEC sent a message that firms should ensure that broad financial crime training, including proper cyber hygiene, went down to the individuals involved with transactions, wires and updating vendor details. To read the full report from the SEC, click here.

In recent years, financial crime compliance has risen to the top of both regulators' and banks' priorities. In the U.S., this has meant regulators like the SEC and Finra leveling more enforcement actions and penalties – including record fines for lax financial crime compliance programs.

On a broader scale, at the end of August 2015, the International Securities Services Association (ISSA) released 17 Principles which are recommended to be implemented by the global community of securities custodians and intermediaries in order to address the critical challenges posed by financial crime, with a 2019 deadline, which includes:

·Complete, release and maintain supporting documents

·Maintain and review the Principles annually

·Engage with the regulatory, member and service provider communities

·Publish list of screening and KYC providers

In this initiative, large domestic and international securities firms are mirroring their banking counterparts by more aggressively sharing information on clients and criminal tactics to both shield the sector from illicit entry and craft and share best practices for anti-money laundering (AML) program duties and how they weave into that, at-times, complicated, convoluted and intermediated securities sector. To read more, click here.

Sanctions

The U.S. Department of Justice (DOJ) in October charged Singapore-based commodities broker Tan Wee Beng for allegedly acting as a front to use the U.S. financial system to conduct millions of dollars’ worth of transactions to finance shipments of goods to North Korea.

Beginning in 2011, according to charging documents, Beng conspired to use commodities businesses, including an unnamed Company-1, of which he was both an owner and director, and front companies in Singapore, Thailand, Hong Kong, and elsewhere to violate and evade both prohibitions against North Korea’s access to the U.S. financial system and prohibitions on dealings with certain North Korean entities identified by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), including Daedong Credit Bank (DCB), which was designated by OFAC in 2013.

To read the DOJ release, click here. To read the OFAC releases, click here and here.

J.P. Morgan to pay more than $5 million to settle allegations of violating sanctions: U.S. Treasury

J.P. Morgan Chase Bank has agreed to pay $5.3 million to settle allegations it violated Cuban Assets Control Regulations, Iranian sanctions and Weapons of Mass Destruction sanctions 87 times, the U.S. Treasury said last month.

Treasury also said it had found the bank violated sanctions on narcotics and Syria, when it processed 85 transactions, totaling $46,127, and maintained accounts for six sanctioned individuals.

A major reason the penalty was as small as it was, was that the bank self-identified and voluntarily disclosed the breaches more than six years ago along with engaging in an aggressive remediation that included an overall transaction monitoring and sanctions screening systems upgrade, according to a bank spokesman. To read more analysis, click here.To read the full action, click here.

Wildlife trafficking

A Missing Page: Strengthening the financial sector response to the illegal wildlife trade to better tackle a growing transnational crime

The continued failure to target the proceeds of the illegal wildlife trade is undermining the response to this transnational crime, according to a new RUSI report released last month.

Across the supply chain, for every animal or animal part poached illegally from the wild, money changes hands. Alongside the animals themselves, money moves in markets, on online platforms and between corrupt officials. This illegal trade does not only affect wildlife: it is organized financial crime run on an industrial scale for profit.

Recognition that the illegal wildlife trade is not only a crime against the environment, but also a financial crime conducted for profit is gathering momentum. But recognizing the profit motive behind IWT is just the first step.

Taking action to identify the illicit proceeds of IWT and the use of financial investigation, confiscation laws and money-laundering charges to tackle criminals’ ill-gotten gains must be prioritized if the ‘financial’ appeal of IWT is to be addressed. To read the full RUSI report, click here.

Crypto corner

Whilst the Taskforce appreciates that cryptoassets have the potential to bring benefits to markets, firms and consumers, there remains considerable risks that Her Majesty’s Treasury (HMT), the Bank of England and the FCA will take action to mitigate. According to the October report.

Key risks include: harm to consumers and market integrity, the use of cryptoassets for illicit activities and potential future threats to financial stability. In order to mitigate these risks, the Taskforce has committed to a number of actions, including consulting on:

Perimeter guidance by the end of 2018 to clarify which cryptoassets fall within the existing regulatory perimeter, and those cryptoassets that may fall outside;

Whether the regulatory perimeter requires extension to capture cryptoassets that have comparable features to specified investments, but currently fall outside the perimeter;

Implementing one of the most comprehensive responses globally to the use of cryptoassets for illicit activities by applying and going further than the fifth EU Anti-Money Laundering Directive, (via the FCA).

State rules

Gotham’s banking regulator last month penalized the New York branch of the largest and oldest bank in the United Arab Emirates $40 million for a host of financial crime compliance deficiencies, including lax oversight of dollar clearing portals for high-risk countries, monitoring and reporting on suspicious activity and policies for dealing with rogue regimes.

The New York State Department of Financial Services (NYDFS), which worked in concert with the Federal Reserve, also required that Dubai-based Mashreqbank hire an outside consultant to engage in a transaction lookback to find any missed instances of aberrant activity during a six-month period in mid-2016. The penalty continues a trend of federal and New York regulators focusing on foreign banks with operations in the United States that also have sprawling correspondent banking networks – particularly those with connections to banks in regions to be at a higher risk for money laundering, corruption or terror finance.

For instance, Mashreq’s New York branch offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa – regions that “present a high risk in connection with financial transactions,” according to the NYDFS. To read the full action, click here. To read ACFCS coverage of the action, click here.

FATF

Global AML watchdog in first plenary under U.S. presidency, to prioritize regulations for virtual currency sector, updated fincrime risks in insurance, securities sectors, regtech, and more

The Paris-based Financial Action Task Force (FATF), which sets global financial crime standards, in its first October action under a U.S. presidency has highlighted a bevy of major anti-money laundering (AML) risks and vulnerabilities, from the real to the virtual worlds.

The group is planning on tackling in the next year current hot button issues, including rules and regulations around virtual currency firms, stronger tactics to uncover and disrupt the financing of terror groups like ISIS and enhanced strategies to detect and deter the funding cycles related to weapons of mass destruction.

FATF as well stated it is looking to June to set down more explicit crypto AML regulations that global jurisdictions would, in response, be required to craft more prescriptive licensing schemes or regulations for crypto exchanges and possibly digital wallet providers under the new rules.

In a statement released on Friday, the group said that "there is an urgent need for all countries to take coordinated action to prevent the use of virtual assets for crime and terrorism.” To read more, click here.

United Kingdom

Average fine for U.K. data breaches doubles to £146,000 in just a year: report

Britain’s Information Commissioner’s Office has increased the total value of fines in the past year for data breach incursions, which was marked by a number of penalties being issued to high profile firms. The average value of fines issued by the Information Commissioner’s Office for failing to protect against data breaches has doubled to £146,000 in the year to September 30 2018, up from £73,000 the year before.

The total value of penalties imposed by the Information Commissioner’s Office (ICO) rose to £4.98 million last year, up 24 percent from £4 million the year before. To read more, click here.

UK FCA tackles crypto compliance, fincrime

U.K. Financial Conduct Authority publishes thematic review of financial crime occurring in the virtual currency space, in its, “Money Laundering and Terrorist Financing Risks in the E-Money Sector,” with reviewers heaping relatively high praise for both understanding of AML programs and terror finance risks, implementation and reporting of aberrant activity.

Overall, the “majority of EMIs we visited had effective AML systems and controls to mitigate their money laundering and terrorist financing risk,” according to examiners. “We generally observed a positive culture, and good awareness and understanding of their financial crime obligations.

The EMIs generally demonstrated a low financial crime risk appetite. Most have relatively few high-risk customers in their e-money customer base.” However, some firms did fail to properly document and record their risk analyses, assessments and decision-making related to filing suspicious activity reports while in another instance, the “business-wide risk assessment is too generic and not tailored to the firm’s specific business model and product offerings.” To read the full report, click here.

Canada

The Department of Finance Canada is proposing an overhaul the country’s existing anti-money laundering/counter-terrorism financing regime, both to strengthen the timeliness and intelligence value of filings to fight financial crime and be more in line with global standards.

The amendments proposed earlier this year to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), if enacted in their current form, will introduce numerous changes.

A main objective of the reform effort is to improve the quality of financial intelligence made available to law enforcement and thereby improve efforts by authorities to combat money laundering and terrorist financing. To achieve this, the proposed amendments would impose additional compliance requirements on the private sector to provide high-quality financial intelligence, effectively recruiting financial institutions to fight on the front lines. To read more analysis, click here.

European Union

EU should set up anti-money laundering body, publish fines: experts

The European Union should set up a new agency to counter money laundering after a series of high-profile cases at banks bared weaknesses in the system, an influential think-tank said in a recent report, urging full disclosure of fines imposed on wrongdoers.

Over the last months, lenders in Denmark, Estonia, Latvia, Luxembourg, Malta, Spain, the Netherlands, Britain and Cyprus have been embroiled in money laundering scandals, with criminal schemes often executed through foreign branches within the EU.

Increased media attention to recent cases has pushed EU regulators to discuss limited changes to the bloc’s legal framework, but proposals to slightly increase the monitoring powers of the European Banking Authority (EBA) face opposition in some member states. To read the full report, click here. To read more analysis, click here.

EU Council adopts new regulation to bolster controls on cash entering and leaving the EU

The regulation will improve the existing system of controls on cash entering or leaving the EU, according to a statement by the council, adding that the move puts the country in line with the latest international standards set out by global AML standards-setting body the Paris-based Financial Action Task Force.

In practical terms, the new regulation extends the definition of cash to cover not only banknotes but also other instruments or highly liquid commodities such as cheques, traveler’s cheques, prepaid cards and gold. The regulation is also extended to cover cash that is sent by post, freight or courier shipment. The new legislation extends the obligation of any citizen entering or leaving the EU and carrying cash to a value of €10 000 or more to declare it to the customs authorities. To read more, click here.

Denmark

Danske Bank clears whistleblower to speak freely in European Parliament

A whistleblower who helped to reveal a major money laundering scandal at Danske Bank has been freed of confidentiality obligations to the company ahead of his testimony in the European Parliament next month.

The scandal involves 200 billion euros ($230 billion) in payments through Danske's Estonian branch between 2007 and 2015, many of which Denmark's largest bank said in a report last month it regards as suspicious.

Howard Wilkinson, a British trader in Danske Bank's Estonia branch until 2014, is scheduled to testify at public hearings in Copenhagen on Nov. 19, and in Brussels on Nov. 21. To read more analysis, click here.

Denmark plans to strengthen its financial regulator to make it better able to fight money laundering, its business minister last month, as the country’s largest bank, Danske Bank is embroiled in a major scandal.

The scandal involves 200 billion euros ($230 billion) in payments through Danske’s Estonian branch between 2007 and 2015, many of which the bank said in a report last month it thinks are suspicious. The scandal has led the bank’s former chief executive Thomas Borgen to resign and almost halved Danske Bank share price since February.

The FSA’s handling of the Danske Bank case has been widely criticized, and the European Union’s banking supervisor has begun an inquiry into it. To read more analysis, click here.

Sweden

In a continuing crackdown in Europe and Scandinavia, Sweden’s financial watchdog has identified weaknesses and deficiencies in Nordea Bank Abp’s work to counter money laundering.

The findings were made in a review this year of how Nordea follows rules in areas such as risk assessment and client knowledge and included in a letter sent by the Swedish Financial Supervisory Authority to Nordea’s management and board.

The review follows the warnings and fines Nordea and Handelsbanken got from the FSA in 2015 after deficiencies were found in their work to prevent money laundering. Nordea has since invested heavily in measures to fight such financial crime, and has also exited risky portfolios and beefed up its compliance department. To read more analysis, click here.

Latvia

A Latvian regulator has penalized a home country bank 2.2 million euros, or $1.9 million, for “serious” financial crime compliance deficiencies, including failing to query customers to determine risk or source of funds, poor transaction monitoring systems and not following up on large, suspicious, out-of-scope transactions.

The Board of the Financial and Capital Market Commission (FCMC) recently levied the fine on the joint stock company LPB Bank, which provides a range of banking products and services primarily for private and corporate clients in Latvia, the EU and internationally.

The Bank had failed to set up its internal control system appropriate to operational risks that would ensure efficient compliance with regulatory provisions, for example:

Øthe Bank failed to document the manner how the beneficiary of customer exercised utmost control over the company and benefitted from the economic activities of the customer;

Øthe Bank failed to timely obtain documents to verify the origin of the funds in the customer accounts, and whether the transaction volumes were proportionate to the amount of the funds received in the account. To read the full action, click here. To read ACFCS coverage of the action, click here.

Australia

The Commonwealth Bank scandal is evidence of widespread and systematic failure by Government to ensure financial market integrity, transparency and accountability and by all accounts is just the tip of the fraud iceberg, with anti-money laundering compliance among the broad control failures.

The seriousness of the allegations is confirmation of governments’ ongoing unwillingness to tackle decades of endemic fraudulent practices within the Australian financial markets which has acted to further erode and undermined public confidence. To read more analysis, click here.